MgThuraMoeMyint

4 exploits Active since Sep 2019
CVE-2025-54988 NOMISEC HIGH WORKING POC
Apache Tika 1.13-3.2.1 - XML External Entity Injection via Crafted XFA in PDF
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.
18 stars
CVSS 8.4
CVE-2018-25300 EXPLOITDB HIGH text WORKING POC
XATABoost CMS 1.0.0 SQL Injection via news.php
XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information.
CVSS 8.2
CVE-2020-22809 EXPLOITDB HIGH text WORKING POC
Windscribe <v1.83 Build 20 - Privilege Escalation
In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.
CVSS 7.8
CVE-2019-15889 EXPLOITDB MEDIUM text WORKING POC
WordPress Download Manager < 2.9.94 - Cross-Site Scripting via Category Shortcode Parameters
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
CVSS 6.1